wirelessfandomcom-20200222-history
Wi-Fi How To
Collection of "How To" step-by-step recipies for making Wi-Fi work better. __FORCETOC__ Get started Wireless Networking Need To Know 2006 Measure wireless network performance * Internet speed testing (e.g., ''NDT) probably ''won't tell you anything about your wireless network performance (because wireless is normally faster than an Internet connection). * Instead, measure data transfer throughput between two computers on your network, using software tools such as: ** Iperf ** Netio * Wireless to wireless speed will probably be much less than wireless to wired speed, because only one wireless link in one direction can be active at any one time. Network Monitoring Monitor network throughout, amount of data sent/received, etc. See Network Monitors. Why and How to do a Site Survey * Crash Course: Wireless Site Surveys Use a wireless router as a wireless access point # Set IP address (manually) #* In the same address range as your other devices #* That doesn't conflict with any other device (e.g., router) # Disable internal DHCP server. # Connect (Ethernet) cable to LAN port, not WAN/Internet port. #* Nothing connected to WAN/Internet port. #* May need to use crossover type cable. # Disable any wireless-to-wired isolation feature. WPA/WPA2 WPA (Wi-Fi Protected Access) and WPA2 are strongly preferred over WEP (Wired Equivalent Privacy) because WEP can be easily cracked. There are two forms of WPA/WPA2: Personal or PSK (Pre-Shared Key), and Enterprise (RADIUS authentication). Use WPA Personal with Windows 98/Me/2000 Microsoft provides WPA/WPA2 support for Windows XP. For earlier versions of Windows, third-party software must be used: * McAfee (free for WPA-PSK) * Odyssey Access Client (commercial) * wpa_supplicant (free, for Linux, BSD, and Windows) Use WPA/WPA2 Enterprise WPA Enterprise enhances security and is preferred over WPA because each client is authenticated separately. (Sharing a key is a security risk.) Practical authentication (RADIUS) solutions for small wireless networks include: * Radiuz (free external RADIUS service) * tinyPEAP (free PEAP server for Linksys WRT54G/GS routers) * ZyXEL G-2000 Plus (wireless router with built-in PEAP server) Secure a wireless network # Change the SSID to something truly unique (e.g., ''instead of ''Linksys, something like John Doe's private wireless). # Use some form of WPA security with a strong passphrase. (WEP is easily and quickly cracked.) # Use a personal firewall (software firewall) on all networked computers (wired or wireless). # [[#Secure network shares|Secure all network shares]] # Either ensure remote access to the wireless administrator interface is disabled, or set a strong wireless administrator password. * For more information, see Wi-Fi Security. ** For things not to do, see Wi-Fi Security Myths. Secure WDS WPA (Wi-Fi Protected Access) cannot normally be used to secure WDS (Wireless Distribution System) wireless repeating/range extension. However, according to the TechTarget Expert Answer Center, current versions of the following products support WDS with WPA (albeit likely only with products from the same vendor): * Apple Airport * Sveasoft Alchemy * Belkin 802.11g Wireless Network Access Point * 3COM OfficeConnect Wireless 108 Mbps 11g PoE Access Point * Corinex Wireless to Powerline Router G Setup a hotspot See: * Controlling WLAN access on a tight budget * Intel Wireless Hotspot Deployment Guide ''(link currently broken)'' ** Non-Intel link #1 (11/2003 version) ** Non-Intel link #2 (9/2005 version) * Wireless Isolation * Wikipedia:Hotspot (Wi-Fi) Liability: * ISP Liability * New Law Limits ISP Liability for Copyright Infringement Hotspot hardware Products that provide "captive portal" or splash page functionality: * D-Link ** Airspot DSA-3100 Public/Private Hot Spot Gateway ** Airspot DSA-3200 Wireless G Public/Private Hot Spot Gateway ** Airspot DSA-5100 Public/Private Hot Spot Gateway * Instant HotSpot * Linksys WRT54GL with modified firmware (Linksysinfo.org) ** See also Wi-Fi 3rd-party Firmware * SMCWHSG44-G EliteConnect Wireless Hotspot Gateway * SonicWALL TZ 150 Wireless * ZyAIR B-4000 Turn-key Hotspot Gateway Hotspot software Products that provide "captive portal" or splash page functionality: * DNS Redirector (Runs on Windows XP/2K/2K3 using any existing AP hardware) * Free RADIUS (open source RADIUS server) * tinyPEAP (very small RADIUS server) * ZoneCD (Public IP) Hotspot systems Turnkey hardware and software: * HotSpotSystem.com Controlling "squatters" and "leeching" Of varying effectiveness: # Password from the operator that must be entered on the initial splash or signon page, changed periodically. # WEP or WPA key that changes periodically. # Drastically reduced transmit power on the access point. # Distance measuring devices that can tell if the client is inside or outside. # Turn off wireless during off hours. # Don't provide electrical power (limiting use to battery capacity). # Download quotas and Quality of Service (QoS). These are rule based quotas for what an individual client may download. QoS is also good for preventing a user from hogging all your bandwidth. However, administration is tricky and there are ways around quotas. Mobile hotspot * Mobile RV systems ** WaveRV * RV hotspots ** Free Wi-Fi in RV Parks and Campgrounds ** Guide to Modem Friendly Campgrounds ** List of Free or low cost WiFi RV Parks ** RV Park WiFi Hotspots ** RV Wireless Internet * RV hotspot providers ** RVwifi ** WiFiRV Secure Internet access in a public hotspot * Wireless transmissions on a public hotspot are typically unencrypted, and thus exposed to snooping. * All computers on a public hotspot are typically exposed to each other, and thus vulnerable to network attacks. Use a software firewall * A good software "firewall" will protect your computer from network attacks. * See Wi-Fi Software Firewall. Secure network shares * Use strong passwords on all system accounts (including Administrator) and on all user accounts. * Microsoft Windows *# Use Simple File Sharing (Windows XP only); or *# Make sure that all network shares are secured with strong passwords (all versions of Windows). Use Control Panel → Administrative Tools → Computer Management → Shared Folders → Shares to review and check Properties of all network shares. Use SSL/TLS for email access * Using standard POP3/SMTP email protocols for email over wireless is very dangerous because passwords aren't encrypted. Use of SSL/TLS is the best way to secure email connections. * Email connections can be secured by using a Web-based email (webmail) service that supports SSL/TLS connections. Make sure your browser displays a padlock icon (just below) throughout your email session. Such services include: ** Google Mail (Gmail) (free) if you use this link after ''login: https://mail.google.com/ * POP3/SMTP sessions can also be protected if the email provider supports SSL/TLS. Such providers include: ** Google Mail (Gmail) (free) (Help available on configuring many email clients) * Even with SSL/TLS, '''email is still vulnerable to snooping' on the public Internet unless individual messages are encrypted (e.g., ''with S/MIME or OpenPGP). Use SSL/TLS for sensitive Web pages * Use of ''any ''website for sensitive information (''e.g., ''social security number, credit card number, on-line banking, on-line investments, ''etc.) should always be protected by means of SSL/TLS. The URL (link) should start with https. Make sure your browser displays a padlock icon (https://.) throughout your session. Use VPN to protect all transmissions * VPN (Virtual Private Networking) is used to construct and connect private networks using the public Internet. Communications are secured by means of some type of encryption, depending on the specific type of VPN. * See Wi-Fi VPN Service Providers. Give Wi-Fi preference over wired Ethernet (or vice versa) Interface routing Metrics control which interface will be used at any given time. Microsoft Windows * Automatic route Metrics: : * To display route Metrics, Run %COMSPEC% /K ROUTE PRINT ** For which Interface is which IP address, Run %COMSPEC% /K IPCONFIG /ALL ** Preference is given to the lowest Metric, or to the first bound Interface for equal Metrics, as shown for Default Route. * Route Metrics can be controlled with the Interface Metric option in Advanced TCP/IP Settings for a Connection. ** To give Wi-Fi preference over any wired Ethernet, set the Metric of Wireless to 10. ** To give any wired Ethernet preference over Wi-Fi, set the Metric of Wireless to 40. Make a Wi-Fi antenna or reflector for cheap * www.FreeAntennas.com ** Really works! ** Can help even when antenna isn't replaceable * Wikipedia:Cantenna * Coffee Cantenna * TinCantenna * Do-It-Yourself Wireless Antennas Update and Resource Center Amount of antenna improvement: * Standard "rubber duck" antenna gain (effectiveness) is about 2 dBi. * It takes an increase of 6 dBi to double range. Thus: : Add additional Wi-Fi access points (to increase coverage) * Configure all access points with same SSID * Ideally use different minimally interfering channels (1, 6, 11) * Place them: ** 'back-to-back' with directional antennas in opposite directions, or ** in different locations. * Additional access points best connected by wire to router, by means of ** Standard Ethernet cable ** Powerline networking ** Phoneline networking ** TV cable networking (Ethernet over coax) *** Coaxsys *** Multilet * Wireless repeater or WDS can be used, but: ** Can be difficult to get working ** Wireless throughput is cut in half Configure a Wi-Fi client bridge For background, see Can't connect to Wi-Fi client bridge and Internet at the same time. Problem: The NIC on a local computer needs a manually-assigned IP on the same subnet to connect to the client bridge config interface but then can't access the Internet, and when configured for DHCP through the client bridge can then talk to the Internet but not the client bridge. Solutions: # Multihoming of the NIC (single link, multiple IP addresses) #* For Microsoft Windows XP, see "Configuring Multiple IP Addresses on a Network Adapter" in Configuring IP Addressing and Name Resolution. Note: This only works with all manual addresses, not DHCP, which can be problematic when roaming unless managed with configuration manager software (see below) # Two NICs in one computer, both connected to the client bridge: #* one manually configured to talk to the client bridge config #* the other with DHCP for the Internet # Different computers for #* client bridge config (manually configured) #* Internet access (DHCP) # Connection manager software for rapid changing of NIC configuration profiles #* Boingo Wi-Fi software (free) #* Mobile Net Switch #* NetSwitcher Test and compare user interfaces Product simulators: * D-Link * Linksys Wireless Broadband (3G) Routers Use 3G cellular data instead of DSL or cable modem: * EVDO info * Junxion Box (works with CDMA or GSM) * Kyocera KR1 Mobile Router * Nexus Hawk (works with 802.11a/b/g, GSM and CDMA simultainiously) * Top Global routers Make shore Wi-Fi work better on a boat See ''Wi-Fi on a Boat Share USB devices over Wi-Fi New bi-directional USB 2.0 servers provide more functionality than older USB servers, including support for multi-function printers. * Wireless USB 2.0 servers ** Silex SX-2000WG Hi-Speed Wireless USB Device Server * Wired USB 2.0 servers (Can be adapted to Wi-Fi by cabling to wireless access point or wireless router, or with a [Ethernet Bridges|wireless Ethernet [client bridge]].) ** IOGEAR 2-Port USB 2.0 Multi-Function Print/Storage Server ** Keyspan USB 2.0 Server ** Zonet ZPS2000 Multi-Function USB 2.0 Print Server Share your Internet with a neighbor via Wi-Fi * See: ** Wireless Isolation ** Setup a Hotspot Extend Wi-Fi through a brick wall * Do you really need to go through a brick wall? Try going around the wall, with a directional antenna on the router site, and a reflector, above, below, or to the side of the wall. Reflectors can be as simple as a sheet of heavy aluminum foil, or you can use a pair of directional antennas wired back-to-back if more signal is needed. * Run a cable from one of wireless router's antenna connectors around or (drilled) through the wall, and on the other side of the wall attach an antenna. * Run Cat-5 or better cable from one of wireless router's RJ45 ports around or (drilled) through the wall, and on the other side of the wall attach a wireless access point. * Use powerline, phoneline, or coax networking to attach a wireless access point on the other side of the wall, if any of these cables are available on both sides of the wall. Roam seamlessly (using VPN) Information: * Mobile IP (MobileInfo.com) * RFC 2002 IP Mobility Support * Network design with Mobile IP Products: * Birdstep Intelligent Mobile IP Client * Cisco Mobile Client for Windows 2000, XP * ipUnplugged * Viatores Mobile IP VPN Wake on LAN * See Wikipedia:Wake-on-LAN * For Wake-on-LAN from 'outside' a router (e.g., over the Internet), what's needed is router support for directed broadcasts, which most low-end routers lack because directed-broadcasts is a security risk (e.g., Smurf attack) and isn't of much interest to the home/SOHO market in any event. Thus this is normally found only in more sophisticated products. * Products with Wake-On-LAN support: ** Buffalo AirStation 125 High-Speed Mode Wireless Secure Remote Gateway Make a Wi-Fi enclosure Microsoft Windows File and Printer Sharing * PracticallyNetworked ** Windows XP Simple File Sharing ** Windows XP Professional File Sharing * Microsoft ** File and Printer Sharing with Microsoft Windows ** Troubleshooting File and Printer Sharing in Microsoft Windows XP Windows Security * Windows XP ** Windows XP Security Guide *** Overview of the Windows XP Security Guide ** Step-by-Step Guide to Securing Windows XP Professional in Small and Medium Businesses * Windows Vista ** Windows Vista Security Guide * TechNet Security Center Troubleshooting Resources * How to troubleshoot wireless network connections in Windows XP * How to troubleshoot TCP/IP connectivity with Windows XP * How to Troubleshoot TCP/IP Connectivity with Windows 2000 or Windows NT * How to troubleshoot network connectivity problems * How to troubleshoot possible causes of Internet connection problems in Windows XP * How to reset Internet Protocol (TCP/IP) in Windows XP * How to Set Up a Small Network with Windows XP Home Edition * How to troubleshoot home networking in Windows XP * How to troubleshoot network printing problems in Windows XP * How to Troubleshoot Network Printing Problems * Basic L2TP/IPSec Troubleshooting in Windows XP * Availability and description of the Port Reporter tool (logs TCP and UDP port activity) * How to install the Microsoft Loopback adapter in Windows XP Configure manual IP address # Start → Control Panel → Network Connections # Right-click on desired network connection, and select Properties on the pop-up menu # Scroll the connection item list if necessary and double-click Internet Protocol (TCP/IP) # Select Use the following IP address # Enter desired IP address (must be in the same subnet as other local network devices, typically something like 192.168.0.100 or 192.168.1.100, depending on whether other devices are in ".0." or ".1." etc.) # Enter appropriate Subnet mask (typically 255.255.0.0) # Enter Default gateway (often the address of your router, something like 192.168.0.1 or 192.168.1.1) # If needed, configure DNS servers (obtained from your ISP) # Click OK to close all windows Configure automatic IP address e.g., ''by DHCP # ''Start → Control Panel → Network Connections # Right-click on desired network connection, and select Properties on the pop-up menu # Scroll the connection item list if necessary and double-click Internet Protocol (TCP/IP) # Select Obtain an IP address automatically # Select Obtain DNS server address automatically # Click OK to close all windows Reset Internet Protocol (TCP/IP) in Windows XP * See How to reset Internet Protocol (TCP/IP) in Windows XP (KB 299357) Display network adapter configuration # Click Start → Run # Type: %COMSPEC% /K IPCONFIG /ALL # Press Enter Release DHCP lease # Click Start → Run # Type: %COMSPEC% /K IPCONFIG /RELEASE # Press Enter Renew DHCP lease # Click Start → Run # Type: %COMSPEC% /K IPCONFIG /RENEW # Press Enter Flush DNS cache # Click Start → Run # Type: %COMSPEC% /K IPCONFIG /FLUSHDNS # Press Enter Display ARP cache (table) # Click Start → Run # Type: %COMSPEC% /K ARP -A # Press Enter Flush ARP cache (table) # Click Start → Run # Type: %COMSPEC% /K NETSH INTERFACE IP DELETE ARPCACHE # Press Enter Display active network connections and listening ports # Click Start → Run # Type: %COMSPEC% /K NETSTAT -A # Press Enter Display Ethernet statistics # Click Start → Run # Type: #* %COMSPEC% /K NETSTAT -E display #* %COMSPEC% /K NETSTAT -E -S display # Press Enter * For a repeating display, add the repeat interval in seconds to the end of the above commands; e.g. ''%COMSPEC% /K NETSTAT -E 10 at 10 second intervals * '''See also ''Wi-Fi Network Monitors.' Display Windows networking connections # Click ''Start → Run # Type: %COMSPEC% /K NBTSTAT -S # Press Enter Category:Wi-Fi